Latest CVE Feed
-
8.8
HIGHCVE-2017-18179
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.... Read more
Affected Products : sitefinity- Published: Feb. 12, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2017-18178
Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1.... Read more
Affected Products : sitefinity- Published: Feb. 12, 2018
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-18177
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.... Read more
Affected Products : sitefinity- Published: Feb. 12, 2018
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-18176
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.... Read more
Affected Products : sitefinity- Published: Feb. 12, 2018
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-18175
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.... Read more
Affected Products : sitefinity- Published: Feb. 12, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-18174
In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.... Read more
Affected Products : linux_kernel- Published: Feb. 11, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18173
In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_201... Read more
Affected Products : sdm660_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware sdm630_firmware sdm636_firmware snapdragon_high_med_2016_firmware sd_425_firmware sd_427_firmware +16 more products- Published: May. 06, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18172
In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD... Read more
Affected Products : sdm660_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9635m_firmware sdm630_firmware sdm636_firmware sd_410_firmware +38 more products- Published: Oct. 23, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2017-18171
Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD ... Read more
Affected Products : android sdm660_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware qca9379_firmware sdm710_firmware sdm630_firmware sdm636_firmware +41 more products- Published: Oct. 23, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2017-18170
Improper input validation in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820... Read more
Affected Products : android sdm660_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware qca9379_firmware sdm710_firmware sdm630_firmware sdm636_firmware +41 more products- Published: Oct. 23, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-18169
User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.... Read more
Affected Products : android- Published: Jun. 15, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2017-18160
AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850... Read more
Affected Products : android sd_835_firmware mdm9650_firmware msm8909w_firmware mdm9635m_firmware mdm9645_firmware mdm9655_firmware sd_845_firmware sd_850_firmware mdm9635m +7 more products- Published: Jan. 18, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18159
In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, while processing a StrHwPlatform with length smaller than EFICHIPINFO_MAX_ID_LENGTH, an array out of bounds acce... Read more
Affected Products : android- Published: Jul. 06, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18158
Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05 while flashing images.... Read more
Affected Products : android- Published: Jul. 06, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18157
A Use After Free Condition can occur in Thermal Engine in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 82... Read more
Affected Products : msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware sdx20_firmware mdm9206_firmware +32 more products- Published: May. 06, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18156
While processing camera buffers in camera driver, a use after free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 625, SD 820, SD 820A, SD 835, SDX20.... Read more
Affected Products : msm8996au_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9650_firmware sdx20_firmware mdm9206_firmware mdm9607_firmware sd_210_firmware +14 more products- Published: May. 06, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18155
While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault.... Read more
Affected Products : msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware msm8996au sd_625 sd_820 sd_835 +2 more products- Published: Jul. 12, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18154
A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.... Read more
Affected Products : android- Published: Jun. 06, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-18147
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in MMCP, a downlink message is not being properly validated.... Read more
Affected Products : android- Published: Apr. 03, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2017-18146
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD ... Read more
Affected Products : sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware mdm9206_firmware mdm9607_firmware sd_410_firmware +46 more products- Published: Apr. 11, 2018
- Modified: Nov. 21, 2024